US11568091B2 - Method and system for integrity protected distributed ledger for component certificate attestation - Google Patents
- Publication number
- US11568091B2
- Authority
- US
- United States
- Prior art keywords
- distributed ledger
- component
- certificates
- integrity protected
- computer
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active, expires
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/70—Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer
- G06F21/71—Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure computing or processing of information
- G06F21/73—Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure computing or processing of information by creating or determining hardware identification, e.g. serial numbers
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
- H04L63/0823—Network architectures or network communication protocols for network security for authentication of entities using certificates
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/12—Applying verification of the received information
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/06—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols the encryption apparatus using shift registers or memories for block-wise or stream coding, e.g. DES systems or RC4; Hash functions; Pseudorandom sequence generators
- H04L9/0643—Hash functions, e.g. MD5, SHA, HMAC or f9 MAC
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
- H04L9/321—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving a third party or a trusted authority
- H04L9/3213—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving a third party or a trusted authority using tickets or tokens, e.g. Kerberos
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
- H04L9/3263—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving certificates, e.g. public key certificate [PKC] or attribute certificate [AC]; Public key infrastructure [PKI] arrangements
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
- H04L9/3263—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving certificates, e.g. public key certificate [PKC] or attribute certificate [AC]; Public key infrastructure [PKI] arrangements
- H04L9/3268—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving certificates, e.g. public key certificate [PKC] or attribute certificate [AC]; Public key infrastructure [PKI] arrangements using certificate validation, registration, distribution or revocation, e.g. certificate revocation list [CRL]
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/50—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols using hash chains, e.g. blockchains or hash trees
Definitions
- the present invention relates to manufacturing of computer systems. More specifically, embodiments of the invention relate to attesting component certificates to particular computer systems.
- Component vendors can create certificates associated with their components referred to as component certificates.
- the original equipment manufacturer (OEM) of a device e.g., computer system
- OEM original equipment manufacturer
- component vendors create the component certificates when the components are manufactured, and OEMs create platform certificates when the devices are manufactured.
- Component vendors manufacture components in quantity and may distribute the components to different OEMs.
- component certificates cannot be directly stored on components.
- Component certificates are provided or delivered separate from the components. It is desirable for an OEM of a device to discover and attest to specific component certificates during manufacturing or integration of devices.
- an end user of the device may desire to discover and attest to component certificates as to the end user's specific device.
- Component vendors can also have vendors that provide sub-components that are integrated into components. Such vendors can provide certificates for their sub-components. Therefore, the tracking, discovering, and attesting certificates becomes even more complicated.
- a system, method, and computer-readable medium are disclosed for attesting component certificates to particular devices.
- An enterprise hosted integrity protected distributed ledger such as a block chain, is provided to publish component certificates.
- Component vendors are provided authorization tokens to publish their component certificates.
- Manifests are generated by the original equipment manufacturer (OEM) that includes vendor component identifiers. End users discover the distributed ledger through a verification mechanism, and the component certificates are retrieved from the distributed ledger.
- FIG. 1 depicts a general illustration of a computing system as implemented in the system and method of the present invention
- FIG. 2 depicts a system for providing attestation of component certificates to particular computer systems
- FIG. 3 shows a flow chart for trusted enterprise supply chain attestation
- FIG. 4 shows a flow chart for attesting component certificates to particular devices, such as computer systems.
- a system, method, and computer readable medium are disclosed for attesting component certificates to particular devices, such as computer systems.
- a device original equipment manufacturer (OEM) provides an enterprise hosted integrity protected distributed ledger such as a block chain.
- Device platform and component certificates are published to the distributed ledger/block chain.
- the OEM i.e., enterprise of the OEM
- the OEM provides for necessary connectivity and tools, such as authorization tokens, to component vendors to publish to the distributed ledger/block chain. Therefore, component vendors can publish their component certificates using OEM enterprise provided authorization tokens to the OEM enterprise hosted distributed ledger/block chain.
- components that are used in the manufacture of or integrated into the computer system can include a motherboard, hard drive, central processing unit, network card, battery, various memory, etc.
- components have an identifier, which can include a serial number and/or certificate identifier and can be physically located on the component. This identifier provides a common identifier between the physical component and a published component certificate.
- Various implementations provide for the OEM to receive relevant component certificates correlated to the device or serial numbers.
- the serial numbers along with device identifier can be used to create a device platform certificate.
- the device platform certificate and signing certificates can be published to the distributed ledger/block chain.
- certificate creation can be implemented using various standards, such as X.509 key certificate and PKCS 11 process standards.
- An enterprise managed high security module or HSM can be used in a secure digital certificate creation process, producing a signed device platform certificate along with a signing certificate with a public signing key used for attestation.
- the signed device platform certificate created by the HSM is a manifest of a particular device that includes specific component certificate identifiers (ID).
- the manifest does not include vendor component certificates, which are published to the distributed ledger/block chain.
- Customers or end users can attest to their device and components (i.e., verify authenticity) by pulling component certificates from the distributed ledger/block chain, or looking up the component certificates in the distributed ledger/block chain based on identifiers, and verify that the certificate matches device information.
- an information handling system may include any instrumentality or aggregate of instrumentalities operable to compute, classify, process, transmit, receive, retrieve, originate, switch, store, display, manifest, detect, record, reproduce, handle, or utilize any form of information, intelligence, or data for business, scientific, control, or other purposes.
- an information handling system may be a personal computer, a network storage device, or any other suitable device and may vary in size, shape, performance, functionality, and price.
- the information handling system may include random access memory (RAM), one or more processing resources such as a central processing unit (CPU) or hardware or software control logic, ROM, and/or other types of nonvolatile memory.
- Additional components of the information handling system may include one or more disk drives, one or more network ports for communicating with external devices as well as various input and output (I/O) devices, such as a keyboard, a mouse, and a video display.
- the information handling system may also include one or more buses operable to transmit communications between the various hardware components.
- FIG. 1 illustrates an information handling system 100 that can be used to implement the system and method of the present invention.
- the information handling system 100 includes a processor (e.g., central processor unit or “CPU”) 102, input/output (I/O) devices 104, such as a display, a keyboard, a mouse, and associated controllers, a hard drive or disk storage 106, and various other subsystems 108.
- the information handling system 100 also includes network port 110 operable to connect to a network 140 , which is likewise accessible by a service provider server 142 .
- the network 140 may be a public network, such as the Internet, a physical private network, a wireless network, a virtual private network (VPN), or any combination thereof. Skilled practitioners of the art will recognize that many such embodiments are possible, and the foregoing is not intended to limit the spirit, scope or intent of the invention.
- VPN virtual private network
- the information handling system 100 likewise includes system memory 112 , which is interconnected to the foregoing via one or more buses 114 .
- System memory 112 further includes an operating system (OS) 116 and applications 118 .
- OS operating system
- applications 118 are provided as a service from the service provider server 142 .
- applications 118 include a distributed ledger/block chain generator 120, a platform certificate generator 122, and an authentication token generator 124, which are further described herein.
- other subsystems 108 can include a high security module or HSM 126 as described above and further described herein.
- FIG. 2 is a simplified block diagram of a system for providing attestation of component certificates to particular computer systems.
- the system 200 provides for enterprise hosted integrity protected distributed ledger, such as a block chain.
- a device or computer system may be a laptop computer, as represented by a device (laptop computer) 202 , which is further merely described as laptop computer 202 .
- An original equipment manufacturer (OEM) 204 manufactures or integrates the laptop computer 202 .
- Various component vendors 206 - 1 , 206 - 2 to 206 -N provide particular components that are integrated into laptop computer 202 , such as a motherboard, hard drive, central processing unit, network card, battery, various memory, etc.
- the OEM 204 may be considered as including or included in an enterprise 208 .
- the enterprise 208 can include the information handling system 100 as described above.
- the system 200 includes the network 140 as described above, to which the enterprise 208 and vendors 206 are connected.
- the enterprise 208 using the described information handling system 100 of FIG. 1 , generates, provides, and maintains enterprise controlled information 210 .
- the enterprise controlled information 210 can be connected to and provide information through the network 140 . It is to be understood that the enterprise controlled information 210 can reside on or at various locations, including cloud storage, and can be controlled by the enterprise 208 .
- administrator(s) 212 access(es) the enterprise 208 and administer(s) the enterprise controlled information 210 , which may be through the information handling system 100 .
- the information handling system 100 can include the distributed ledger/block chain generator 120 that creates an enterprise hosted integrity protected distributed ledger or ledgers, such as a block chain or distributed ledger/block chain 214 .
- the information handling system 100 can include the platform certificate generator 122 that creates a device platform certificate 216 as described above.
- information handling system 100 can include the authentication token generator 124 that creates authorization tokens 218 .
- authorization tokens 218 are provided to vendors 206 to publish component certificates to the distributed ledger/block chain 214 .
- a distributed ledger/block chain 214 can be specific to a product line of the OEM 204 . Therefore, in various embodiments, the enterprise controlled information 210 includes distributed ledger/block chain 214 , device platform certificate 216 , and authorization tokens 218 .
- the device platform certificate 216 is implemented.
- the device platform certificate 216 provides for component information such as hard drives, CPUs or memory DIMM manufacturer, model numbers and serial numbers, among other details, to be included within a digital certificate, such as an X.509 digital certificate.
- vendors 206 to provide component digital certificates as further described below.
- various sub-vendors in the supply chain can provide digital certificates as to their components. For example, chip vendors providing “silicon” to vendors 206 can provide digital certificates to their chips.
- a manifest 220 is provided.
- the manifest 220 can be created by an enterprise managed high security module or HSM 222 .
- the manifest 220 can be a signed device platform certificate 216 created by the HSM 222 as to a particular laptop computer 202 .
- the manifest 220 can include specific component certificate identifiers (ID) and can include a signing certificate with a public signing key used for attestation. Certificate creation can be implemented using various standards, such as X.509 key certificate and PKCS 11 process standards.
- the enterprise managed high security module or HSM 222 can be used in a secure digital certificate creation process, producing the signed device platform certificate 216 that includes a signing certificate with a public signing key used for attestation.
- the signed device platform certificate 216 created by the HSM is a manifest of a particular laptop 202 that includes specific component certificate identifiers (ID).
- the manifest 220 does not include the component certificates, which are published to the distributed ledger/block chain 214 .
- the system 200 includes various component vendors 206 - 1 , 206 - 2 to 206 -N providing different components for OEM 204 to integrate into laptop computer 202 .
- vendor 1 206 - 1 provides a component 1 224 - 1
- 206 - 2 provides a component 224 - 2 , up to vendor N 206 -N that provides a component 224 -N.
- Different numbers of components 224 can be produced by vendors 206 .
- a batch, or a number of components 224 are produced by vendors 206 .
- Each particular component 224 can have particular and unique component information, such as serial number, service tags, unique identifiers, lot number, etc. Such information can be considered as OEM diagnostics and can be included in a unique manifest 220 for a particular laptop computer 202 .
- the component related information is provided to enterprise 208 to create the unique manifest 220 .
- vendor 1 206 - 1 provides component 1 information 226 - 1
- vendor 2 206 - 2 provides component 2 information 226 - 2 , up to vendor N 206 -N providing component N information 226 -N.
- vendors 206 provide unique certificates for each particular component 224 .
- vendor 1 206 - 1 provides component 1 certificate 228 - 1
- vendor 2 206 - 2 provides component 2 certificate 228 - 2 , up to vendor N 206 -N providing component N certificate 228 -N.
- vendors 206 receive unique authorization tokens 218 to create individual digital component certificates 228 that allow the certificates 228 to be published to the distributed ledger/block chain 214.
- each of the vendors 206 are configured to or include a high security module or HSM to secure the digital component certificates 228 in a similar manner as the enterprise managed HSM 222 .
- vendor 206 - 1 is configured to or includes an HSM 230 - 1
- vendor 206 - 2 is configured to or includes an HSM 230 - 2 , up to vendor 206 -N configured to or including an HSM 230 -N.
- HSMs 230 are used to produce a signed digital component certificate with a signing certificate with a public signing key used for attestation.
- the system 200 further includes various end user devices (i.e., information handling systems), as represented by a smartphone 232 .
- end user devices or smartphone 232 is accessible by end users, represented by end user 234 .
- when an end user 234 receives their laptop computer 202, the end user 234 also receives the device platform certificate 216 associated with the particular device or laptop computer 202.
- the end user 234 is provided a web link to access the distributed ledger/block chain 214 which the digital component certificates 228 of their laptop computer 202 are published to.
- With the proper decryption keys in the device platform certificate 216, end user 234 is able to access the particular digital component certificates 228 of their laptop computer that are published to the distributed ledger/block chain 214. Therefore, end user 234 is able to attest to the components 224 that are integrated in their particular laptop computer 202.
- FIG. 3 is a generalized flowchart 300 for trusted enterprise supply chain attestation.
- the flowchart 300 provides for an original equipment manufacturer (OEM) or an enterprise of an OEM to provide a trusted enterprise supply chain as to components of devices of the OEM.
- the order in which the method is described is not intended to be construed as a limitation, and any number of the described method blocks may be combined in any order to implement the method, or alternate method. Additionally, individual blocks may be deleted from the method without departing from the spirit and scope of the subject matter described herein.
- the method may be implemented in any suitable hardware, software, firmware, or a combination thereof, without departing from the scope of the invention.
- the process 300 starts.
- the OEM or the enterprise of the OEM provides for a distributed ledger, such as block chain.
- a distributed ledger or block chain is distributed ledger/block chain 214 described herein.
- the distributed ledger or block chain is an enterprise hosted integrity protected distributed ledger that supports the trusted enterprise supply chain.
- the OEM or the enterprise of the OEM requests vendors (e.g. vendors 206 ) to join the trusted enterprise supply chain.
- the vendors provide information as to components to the OEM or the enterprise of the OEM.
- component information 226 of components 224 are provided to OEM 204 or enterprise 208 .
- authorization is provided to the vendors to publish to the enterprise hosted distributed ledger.
- the authorization can be provided by the OEM or the enterprise of the OEM.
- vendors are provided necessary connectivity and tools, such as authorization tokens, to publish to the distributed ledger/block chain. Therefore, component vendors can publish component certificates using OEM enterprise provided authorization tokens to the OEM enterprise hosted distributed ledger/block chain.
- devices such as laptop computer 202 are manufactured or assembled by the OEM.
- the OEM has component information as to the specific components that are installed in the device or laptop computer 202 .
- certificates are created.
- the certificates can include the device platform certificate(s) 216 and component certificate(s) 228 as described above.
- the certificates can be secured or encrypted using a high security module or HSM as described above.
- the components are published to the distributed ledger, such as a block chain.
- Component vendors can publish component certificates using authorization tokens provided by the OEM or enterprise of the OEM.
- the device platform certificates can also be published to the distributed ledger or block chain.
- attestation is performed as to the device and its components.
- a verification mechanism is provided for a customer or end user 234 to attest to a device or laptop 202 .
- Such a verification mechanism can be a mobile application as described above on a separate end user device that provides a link to the distributed ledger or block chain.
- certificate IDs are used to access the certificates on the distributed ledger or block chain.
- FIG. 4 is a generalized flowchart 400 for attesting component certificates to particular devices, such as computer systems.
- the order in which the method is described is not intended to be construed as a limitation, and any number of the described method blocks may be combined in any order to implement the method, or alternate method. Additionally, individual blocks may be deleted from the method without departing from the spirit and scope of the subject matter described herein. Furthermore, the method may be implemented in any suitable hardware, software, firmware, or a combination thereof, without departing from the scope of the invention.
- the process 400 starts.
- configuring an enterprise hosted integrity protected distributed ledger to publish certificates including the component certificates is performed.
- the distributed ledger can be a block chain.
- signed device platform certificates can be published to the distributed ledger.
- each authorization token can be specific to a component certificate.
- Various implementations provide for other connectivity tools for vendors to publish to the enterprise hosted integrity protected distributed ledger.
- generating a manifest for a device that includes an identifier is performed.
- the manifest is particular to a device (e.g., laptop computer) and can include specific component certificate identifiers (ID) and component information.
- providing a verification mechanism that discovers the enterprise hosted integrity protected distributed ledger is performed.
- the verification mechanism can be a mobile application on a separate device that opens a web link that discovers the enterprise hosted integrity protected distributed ledger.
- the present invention can be embodied as a method, system, or computer program product. Accordingly, embodiments of the invention can be implemented entirely in hardware, entirely in software (including firmware, resident software, micro-code, etc.) or in an embodiment combining software and hardware. These various embodiments can all generally be referred to herein as a “circuit,” “module,” or “system.” Furthermore, the present invention can take the form of a computer program product on a computer-usable storage medium having computer-usable program code embodied in the medium.
- the computer-usable or computer-readable medium can be, for example, but not limited to, an electronic, magnetic, optical, electromagnetic, infrared, or semiconductor system, apparatus, or device. More specific examples (a non-exhaustive list) of the computer-readable medium would include the following: a portable computer diskette, a hard disk, a random access memory (RAM), a read-only memory (ROM), an erasable programmable read-only memory (EPROM or Flash memory), a portable compact disc read-only memory (CD-ROM), an optical storage device, or a magnetic storage device.
- a computer-usable or computer-readable medium can be any medium that can contain, store, communicate, or transport the program for use by or in connection with the instruction execution system, apparatus, or device.
- Computer program code for carrying out operations of the present invention can be written in an object oriented programming language such as Java, Smalltalk, C++ or the like.
- the computer program code for carrying out operations of the present invention can also be written in conventional procedural programming languages, such as the “C” programming language or similar programming languages.
- the program code can execute entirely on the user's computer, partly on the user's computer, as a stand-alone software package, partly on the user's computer and partly on a remote computer or entirely on the remote computer or server.
- the remote computer can be connected to the user's computer through a local area network (LAN) or a wide area network (WAN), or the connection can be made to an external computer (for example, through the Internet using an Internet Service Provider).
- LAN local area network
- WAN wide area network
- Internet Service Provider for example, AT&T, MCI, Sprint, EarthLink, MSN, GTE, etc.
- Embodiments of the invention are described with reference to flowchart illustrations and/or block diagrams of methods, apparatus (systems) and computer program products according to embodiments of the invention. It will be understood that each block of the flowchart illustrations and/or block diagrams, and combinations of blocks in the flowchart illustrations and/or block diagrams, can be implemented by computer program instructions. These computer program instructions can be provided to a processor of a general purpose computer, special purpose computer, or other programmable data processing apparatus to produce a machine, such that the instructions, which execute via the processor of the computer or other programmable data processing apparatus, create means for implementing the functions/acts specified in the flowchart and/or block diagram block or blocks.
- These computer program instructions can also be stored in a computer-readable memory that can direct a computer or other programmable data processing apparatus to function in a particular manner, such that the instructions stored in the computer-readable memory produce an article of manufacture including instruction means which implement the function/act specified in the flowchart and/or block diagram block or blocks.
- The computer program instructions can also be loaded onto a computer or other programmable data processing apparatus to cause a series of operational steps to be performed on the computer or other programmable apparatus to produce a computer implemented process such that the instructions which execute on the computer or other programmable apparatus provide steps for implementing the functions/acts specified in the flowchart and/or block diagram block or blocks.
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Computer Hardware Design (AREA)
- Theoretical Computer Science (AREA)
- Physics & Mathematics (AREA)
- General Engineering & Computer Science (AREA)
- Software Systems (AREA)
- Mathematical Physics (AREA)
- General Physics & Mathematics (AREA)
- Computing Systems (AREA)
- Power Engineering (AREA)
- Management, Administration, Business Operations System, And Electronic Commerce (AREA)
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
US17/149,956 US11568091B2 (en) | 2021-01-15 | 2021-01-15 | Method and system for integrity protected distributed ledger for component certificate attestation |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
US17/149,956 US11568091B2 (en) | 2021-01-15 | 2021-01-15 | Method and system for integrity protected distributed ledger for component certificate attestation |
Publications (2)
Publication Number | Publication Date |
---|---|
US20220229938A1 (en) | 2022-07-21 |
US11568091B2 (en) | 2023-01-31 |
Family
ID=82405199
Family Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
US17/149,956 Active 2041-06-06 US11568091B2 (en) | 2021-01-15 | 2021-01-15 | Method and system for integrity protected distributed ledger for component certificate attestation |
Country Status (1)
Country | Link |
---|---|
US (1) | US11568091B2 (en) |
Families Citing this family (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US11568091B2 (en) * | 2021-01-15 | 2023-01-31 | Dell Products L.P. | Method and system for integrity protected distributed ledger for component certificate attestation |
US20230239163A1 (en) * | 2022-01-26 | 2023-07-27 | Microsoft Technology Licensing, Llc | Establishing pki chain of trust in air gapped cloud |
Citations (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20100111294A1 (en) * | 2007-03-14 | 2010-05-06 | Andrea Soppera | Verification of movement of items |
US20180004953A1 (en) * | 2016-06-30 | 2018-01-04 | General Electric Company | Secure industrial control platform |
US11017090B2 (en) * | 2018-12-17 | 2021-05-25 | Hewlett Packard Enterprise Development Lp | Verification of a state of a platform |
US20220229938A1 (en) * | 2021-01-15 | 2022-07-21 | Dell Products L.P. | Method and System for Integrity Protected Distributed Ledger for Component Certificate Attestation |
Non-Patent Citations (3)
Title |
---|
DMTF, Security Protocol and Data Model (SPDM) Architecture White Paper, Document Identifier DSP2058, version 1.0.0, May 13, 2020 https://www.dmtf.org/sites/default/files/standards/documents/DSP2058_1.0.0.pdf. |
Tom Dodson et al., Intel, Blockchain Augmentation of the Trusted Supply Chain, RSA Conference 2019, San Francisco CA, Mar. 4-8, 2019, Session ID: PDAC-F02 https://published-prd.lanyonevents.com/published/rsaus19/sessionsFiles/13424/PDAC-F02-Blockchain-Augmentation-of-the-Trusted-Supply-Chain.pdf. |
Tom Dodson, Monty Wiseman, "Trusted Supply Chain & Remote Provisioning With The Trusted Platform Module", Apr. 2018, RSA Conference 2018, p. 1-19. (Year: 2018). * |
Also Published As
Publication number | Publication date |
---|---|
US20220229938A1 (en) | 2022-07-21 |
Similar Documents
Publication | Title | Publication Date |
---|---|---|
US10268844B2 (en) | Embedding foundational root of trust using security algorithms | |
CN110765437B (en) | Module for securely providing assets to a target device | |
TWI817930B (en) | Device programming system with device authentication | |
US10990687B2 (en) | System and method for user managed encryption recovery using blockchain for data at rest | |
US8548919B2 (en) | System and method for self-provisioning of virtual images | |
US8832032B2 (en) | Acceleration of cloud-based migration/backup through pre-population | |
US8429641B2 (en) | System and method for migration of digital assets | |
US8949401B2 (en) | Automated digital migration | |
US11693948B2 (en) | Verifiable labels for mandatory access control | |
US9678766B2 (en) | Controlling the configuration of computer systems | |
US11568091B2 (en) | Method and system for integrity protected distributed ledger for component certificate attestation | |
CN110689295A (en) | Block chain universal RFID translator | |
TW202123651A (en) | Device programming with system generation | |
US9749374B2 (en) | Systems and methods for digital fulfillment of streaming applications | |
US10387927B2 (en) | System and method for entitling digital assets | |
US20230009032A1 (en) | Systems and methods for authenticating the identity of an information handling system | |
US11822669B2 (en) | Systems and methods for importing security credentials for use by an information handling system | |
JP2024501401A (en) | Decentralized broadcast encryption and key generation facility | |
CN116583833A (en) | Self-auditing blockchain | |
US11822668B2 (en) | Systems and methods for authenticating configurations of an information handling system | |
US11799641B2 (en) | System functionality activation using distributed ledger | |
US20140108657A1 (en) | System and method for managing entitlement of digital assets | |
US11790057B2 (en) | Controlling program execution using an access key | |
US20230246845A1 (en) | Secret Protection During Software Development Life Cycle | |
US11843707B2 (en) | Systems and methods for authenticating hardware of an information handling system |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
 | AS | Assignment | Owner name: DELL PRODUCTS L.P., TEXAS Free format text: ASSIGNMENT OF ASSIGNORS INTEREST;ASSIGNORS:ROBISON, CHARLES D.;SONI, VAIBHAV;REEL/FRAME:054931/0263 Effective date: 20201207 |
 | FEPP | Fee payment procedure | Free format text: ENTITY STATUS SET TO UNDISCOUNTED (ORIGINAL EVENT CODE: BIG.); ENTITY STATUS OF PATENT OWNER: LARGE ENTITY |
 | AS | Assignment | Owner name: CREDIT SUISSE AG, CAYMAN ISLANDS BRANCH, NORTH CAROLINA Free format text: SECURITY AGREEMENT;ASSIGNORS:EMC IP HOLDING COMPANY LLC;DELL PRODUCTS L.P.;REEL/FRAME:055408/0697 Effective date: 20210225 |
 | AS | Assignment | Owner name: THE BANK OF NEW YORK MELLON TRUST COMPANY, N.A., AS NOTES COLLATERAL AGENT, TEXAS Free format text: SECURITY INTEREST;ASSIGNORS:EMC IP HOLDING COMPANY LLC;DELL PRODUCTS L.P.;REEL/FRAME:055479/0342 Effective date: 20210225 Owner name: THE BANK OF NEW YORK MELLON TRUST COMPANY, N.A., AS NOTES COLLATERAL AGENT, TEXAS Free format text: SECURITY INTEREST;ASSIGNORS:EMC IP HOLDING COMPANY LLC;DELL PRODUCTS L.P.;REEL/FRAME:055479/0051 Effective date: 20210225 Owner name: THE BANK OF NEW YORK MELLON TRUST COMPANY, N.A., AS NOTES COLLATERAL AGENT, TEXAS Free format text: SECURITY INTEREST;ASSIGNORS:EMC IP HOLDING COMPANY LLC;DELL PRODUCTS L.P.;REEL/FRAME:056136/0752 Effective date: 20210225 |
 | AS | Assignment | Owner name: EMC IP HOLDING COMPANY LLC, TEXAS Free format text: RELEASE OF SECURITY INTEREST AT REEL 055408 FRAME 0697;ASSIGNOR:CREDIT SUISSE AG, CAYMAN ISLANDS BRANCH;REEL/FRAME:058001/0553 Effective date: 20211101 Owner name: DELL PRODUCTS L.P., TEXAS Free format text: RELEASE OF SECURITY INTEREST AT REEL 055408 FRAME 0697;ASSIGNOR:CREDIT SUISSE AG, CAYMAN ISLANDS BRANCH;REEL/FRAME:058001/0553 Effective date: 20211101 |
 | AS | Assignment | Owner name: DELL PRODUCTS L.P., TEXAS Free format text: RELEASE OF SECURITY INTEREST IN PATENTS PREVIOUSLY RECORDED AT REEL/FRAME (056136/0752);ASSIGNOR:THE BANK OF NEW YORK MELLON TRUST COMPANY, N.A., AS NOTES COLLATERAL AGENT;REEL/FRAME:062021/0771 Effective date: 20220329 Owner name: EMC IP HOLDING COMPANY LLC, TEXAS Free format text: RELEASE OF SECURITY INTEREST IN PATENTS PREVIOUSLY RECORDED AT REEL/FRAME (056136/0752);ASSIGNOR:THE BANK OF NEW YORK MELLON TRUST COMPANY, N.A., AS NOTES COLLATERAL AGENT;REEL/FRAME:062021/0771 Effective date: 20220329 Owner name: DELL PRODUCTS L.P., TEXAS Free format text: RELEASE OF SECURITY INTEREST IN PATENTS PREVIOUSLY RECORDED AT REEL/FRAME (055479/0051);ASSIGNOR:THE BANK OF NEW YORK MELLON TRUST COMPANY, N.A., AS NOTES COLLATERAL AGENT;REEL/FRAME:062021/0663 Effective date: 20220329 Owner name: EMC IP HOLDING COMPANY LLC, TEXAS Free format text: RELEASE OF SECURITY INTEREST IN PATENTS PREVIOUSLY RECORDED AT REEL/FRAME (055479/0051);ASSIGNOR:THE BANK OF NEW YORK MELLON TRUST COMPANY, N.A., AS NOTES COLLATERAL AGENT;REEL/FRAME:062021/0663 Effective date: 20220329 Owner name: DELL PRODUCTS L.P., TEXAS Free format text: RELEASE OF SECURITY INTEREST IN PATENTS PREVIOUSLY RECORDED AT REEL/FRAME (055479/0342);ASSIGNOR:THE BANK OF NEW YORK MELLON TRUST COMPANY, N.A., AS NOTES COLLATERAL AGENT;REEL/FRAME:062021/0460 Effective date: 20220329 Owner name: EMC IP HOLDING COMPANY LLC, TEXAS Free format text: RELEASE OF SECURITY INTEREST IN PATENTS PREVIOUSLY RECORDED AT REEL/FRAME (055479/0342);ASSIGNOR:THE BANK OF NEW YORK MELLON TRUST COMPANY, N.A., AS NOTES COLLATERAL AGENT;REEL/FRAME:062021/0460 Effective date: 20220329 |
 | STPP | Information on status: patent application and granting procedure in general | Free format text: NON FINAL ACTION MAILED |
 | STPP | Information on status: patent application and granting procedure in general | Free format text: RESPONSE TO NON-FINAL OFFICE ACTION ENTERED AND FORWARDED TO EXAMINER |
 | STPP | Information on status: patent application and granting procedure in general | Free format text: FINAL REJECTION MAILED |
 | STPP | Information on status: patent application and granting procedure in general | Free format text: RESPONSE AFTER FINAL ACTION FORWARDED TO EXAMINER |
 | STPP | Information on status: patent application and granting procedure in general | Free format text: NOTICE OF ALLOWANCE MAILED -- APPLICATION RECEIVED IN OFFICE OF PUBLICATIONS |
 | STPP | Information on status: patent application and granting procedure in general | Free format text: PUBLICATIONS -- ISSUE FEE PAYMENT VERIFIED |
 | STCF | Information on status: patent grant | Free format text: PATENTED CASE |